Automated detection of code vulnerabilities based on program analysis and model checking

Proceedings - 8th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2008

Volumn , Issue , 2008, Pages 165-173

  Wang, Lei ^a   Zhang, Qiang ^a   Zhao, PengChao ^a  

^a BEIHANG UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); COMPUTER SOFTWARE; MODAL ANALYSIS; OPEN SYSTEMS; SOFTWARE RELIABILITY; TRACE ANALYSIS;

ANALYSIS AND MODELS; AUTOMATED DETECTIONS; BUFFER OVERFLOWS; CODE SIZES; CONSTRAINT BASED; MEMORY SIZES; OPEN SOURCE SOFTWARES; PROGRAM ANALYSIS; PROGRAM SLICING; PROTOTYPE IMPLEMENTATIONS; REACH ABILITIES; RELATED VARIABLES; SOFTWARE DEVELOPMENTS; SOFTWARE SYSTEMS; STATIC ANALYSIS METHODS;

MODEL CHECKING;

EID: 56349123085     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SCAM.2008.24     Document Type: Conference Paper

References (27)

1. J. Viega, J.T. Bloch, T. Kohno, and G. McGraw, "ITS4: A Static Vulnerability Scanner for C and C++ Code", In ACSAC, December. 2000, pp. 257-267,
2. D. Pozza, R. Sisto, "Comparing Lexical Analysis Tools for Buffer Overflow Detection in Network Software", In COMSWARE, January. 2006, pp. 1-7.
3. D. Evans, J. Guttag, J. Homing, and Y.M. Tan, "LCLint: A Tool for Using Specification to Check Code", In SIGSOFT FSE, December. 1994, pp. 87-96.
4. D. Avots, M. Dalton, V.B. Livshits, and M.S. Lam, "Improving Software Security with a C Pointer Analysis", In ICSE, May. 2005, pp. 332-341.
5. Newsome J., Song D., Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software, In NDSS, Feb. 2005.
6. D. Beyer, T.A. Henzinger, R. Jhala, and R. Majumdar, "The Software Model Checker Blast: Applications to Software Engineering", In STTT, 2007, pp. 505-525.
7. G.C. Necula, J. Condit, M. Harren, S. McPeak, and W. Weimer, "CCured: type-safe retrofitting of legacy software", In TOPLAS, May. 2005, pp. 477-526.
8. D. Wagner, J. Foster, E. Brewer, and A. Aiken. "A first step towards automated detection of buffer overrun vulnerabilities", In NDSS, 2000, pp. 3-17.
9. P. Cousot, P. Cousot, "Formal language, grammar and set-constraint-based program analysis by abstract interpretation", In FPCA, Oct. 1995, pp. 170-181.
10. N. Sethi, C. Barret, "Cascade: C assertion checker and deductive engine", In CAV, 2006, pp. 166-169.
11. B.W Xu, J. Qian, X.F. Zhang, Z. Qiang Wu, and L. Chen. "A brief survey of program slicing", In ACM SIGSOFT Software Engineering Notes. 30(2), Mar. 2005, pp. 1-30.
12. M. Weiser, "Programmers use slices when debugging", In Commun. ACM, 1982, pp. 446-452.
13. M. Weiser, "Program slicing", In IEEE Transaction on Software Engineering, 1984, SE-10(4), pp. 352-357.
14. J.R. Lyle, D.R. Wallace, "Using the unravel program slicing tool to evaluate high integrity software", In Proceedings of Software Quality Week, May. 1997.
15. Clarke E.M., Grumberg O., and Peled D., Model Checking. MIT, 1999.
16. Queille, J.P., Sifakis, J.: Specification and verification of concurrent systems in CESAR. In: Proc. Symposium on Programming, LNCS 137. Springer, 1982, pp. 337-351.
17. Henzinger, T.A., Jhala, R., Majumdar, R., Necula, G.C., Sutre, G., and Weimer, W., Temporal-safety poofs for systems code. In: Proc. CAV, LNCS 2404, Springer, 2002, pp. 526-538.
18. E. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith, " Counterexample-guided abstraction refinement for symbolic model checking", In J. ACM, Sep. 2003, pp. 752-794.
19. T.A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. "Lazy abstraction", In POPL, 2002, pp. 58-70.
20. A. Srivastava, A. Eustace, "ATOM: A System for Building Customized Program Analysis Tools", In PLDI, June. 1994, pp. 528-539.
21. C. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. Reddi, and K. Hazelwood. "Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation", In PLDT, June. 2005, pp. 190-200.
22. M. Tikir and J. Hollingsworth, "Efficient Instrumentation for Code Coverage Testing". In ACM SIGSOFT Software Engineering Notes, 2002, pp. 89-96.
23. K. Ku, T.E. Hart, and M. Chechik, "A Buffer Overflow Benchmark for Software Model. Checkers", In ASE, 2007, pp. 389-392.
24. D. Beyer, A.J. Chlipala, T.A. Henzinger, R. Jhala, and R. Majumdar, "Generating Tests from Counterexamples". In ICSE, 2004, pp. 326-335.
25. O. Ruwase, M. Lam, "A Practical Dynamic Buffer Overflow Detector", In NDSS, 2004, pp. 159-169.
26. R. Jones, P. Kelly, "Backwards-compatible bounds checking for arrays and pointers in C programs". In Proceedings of the International Workshop on Automatic Debugging, May. 1997, pp. 13-26.
27. D. Beyer, T. A. Henzinger, and G. Théoduloz, "Configurable Software Verification: Concretizing the Convergence of Model Checking and Program Analysis", In CAV, 2007, pp. 504-518.